---
# System prepended metadata

title: 資安事件新聞週報 2023/2/13  ~  2023/2/17
tags: [資安事件新聞週報]

---

###### tags: `資安事件新聞週報`
# 資安事件新聞週報 2023/2/13  ~  2023/2/17

1.重大弱點漏洞/後門/Exploit/Zero Day
Citrix 已發布Workspace App安全更新
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and

Citrix針對虛擬化平臺與應用程式管理平臺進行修補
https://www.bleepingcomputer.com/news/security/citrix-fixes-severe-flaws-in-workspace-virtual-apps-and-desktops/

思科針對旗下產品發布更新，修補開源防毒元件ClamAV重大漏洞
https://www.securityweek.com/critical-vulnerability-patched-in-cisco-security-products/

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software
https://thehackernews.com/2023/02/critical-rce-vulnerability-discovered.html

Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/adobe-releases-security-updates-multiple-products

Adobe發出旗下多種軟體重大漏洞與修補公告，範圍涵蓋Photoshop、After Effects等9款產品
https://www.zerodayinitiative.com/blog/2023/2/14/the-february-2023-security-update-overview

Atlassian 發布 Jira 嚴重漏洞 CVE-2023-22501，並推出修補與暫時解決方案
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10317

微軟發佈2月份安全性公告
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/microsoft-releases-february-2023-security-updates

微軟發布2月份例行修補，緩解3個零時差漏洞
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2023-patch-tuesday-fixes-3-exploited-zero-days-77-flaws/

微軟強制關閉Windows 10 PC上的IE，6月將完全移除
https://www.ithome.com.tw/news/155538

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
https://thehackernews.com/2023/02/update-now-microsoft-releases-patches.html

錯誤配置和漏洞成雲端安全最大風險
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10319

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
https://thehackernews.com/2023/02/cisa-warns-of-active-attacks-exploiting.html

大數據軟體Splunk修補高風險漏洞
https://www.securityweek.com/splunk-enterprise-updates-patch-high-severity-vulnerabilities/

Intel修補處理器防護元件SGX漏洞
https://www.theregister.com/2023/02/15/intel_sgx_vulns/

IBM於1月修補的檔案共享系統漏洞出現攻擊行動
https://www.securityweek.com/recently-patched-ibm-aspera-faspex-vulnerability-exploited-in-the-wild/

SAP發布2月份例行修補，當中有10分的重大漏洞，用戶需盡快處理
https://www.securityweek.com/saps-february-2023-security-updates-patch-high-severity-vulnerabilities/

文件管理系統OnlyOffice、OpenKM、LogicalDOC、Mayan EDMS存在跨網站指令碼漏洞
https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/

2.銀行/金融/保險/證券/金融監理 新聞及資安
郵局也有資安問題？民眾信箱遭郵局員工「誤植」 收到別人的轉帳資料
https://n.yam.com/Article/20230216440604

上市櫃公司傳資安事件 證交所將依重訊查核機制調查
https://pchome.megatime.com.tw/news/cat1/20230215/16763926756910018003.html

領先同業 元大人壽正式開辦全通路遠距投保
https://money.udn.com/money/story/5613/6973778

臺灣金融資安必須升級2大理由：全球資安新威脅和後疫轉型新風險
https://www.ithome.com.tw/news/155467

金融資安行動方案2.0版3大新方向：資安長聯盟化、生態圈資安和零信任
https://www.ithome.com.tw/news/155468

國泰金與調查局簽署資安聯防合作備忘錄
https://www.chinatimes.com/realtimenews/20230214003126-260410?chdtv

金融與銀行業平均每週遭受 4,664 次網路攻擊，如何強化資安免疫系統
https://buzzorange.com/techorange/2023/02/08/cybersecurity-in-the-financial-services-industry/

3.信用卡/電子支付/行動支付/pay/支付系統/資安
挪威行動支付Vipps向蘋果發起挑戰 盼歐盟採取反壟斷行動
https://news.cnyes.com/news/id/5087703

Samsung Wallet來囉！三星宣布今起進軍台灣等8大市場　行動支付、數位鑰匙一機搞定
https://www.winnews.com.tw/115802/

歐付寶通過「APP無障礙開發指引」驗證　成為首家最友善支付APP
https://www.cardu.com.tw/mpay/detail.php?40553

升格電支納管 金管會限大型第三方支付3∕15回覆
https://ec.ltn.com.tw/article/paper/1567454

阿里巴巴退出印度電子支付業者Paytm，以約1.67億美元出售剩餘股份
https://reurl.cc/qk8aOD

存放現金風險大 業者籲開放電子支付
https://news.ltn.com.tw/news/society/paper/1565712

Apple Pay Later還沒有譜？蘋果遇上技術問題，官方的iPhone訂閱制也沒下文
https://www.bnext.com.tw/article/74116/apple-financial-tech-services-delay

4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安
駭侵者以 16 個 NPM 詐騙測速程式套件來挖掘加密貨幣
https://www.twcert.org.tw/tw/cp-104-6933-0e237-1.html

全球收緊加密監管時，為何日本卻加緊擁抱 Web3 與穩定幣
https://www.blocktempo.com/where-other-countries-fear-crisis-japan-sees-opportunity/

印度央行公布第二屆全球駭客馬拉松，包括CBDC、區塊鏈可擴展性用例
https://news.cnyes.com/news/id/5087495

Web3社交平台CyberConnect與BNB Chain合作舉辦Web3社交駭客松活動
https://news.cnyes.com/news/id/5087251

政府監管槍聲響起 ｜為什麼幣安、Coinbase 會被 SEC 盯上？未來監管方向會如何
https://blockcast.it/2023/02/15/what-we-need-to-know-when-regulatory-actions-on-vasp/

SEC考慮制定可能打壓Coinbase和其他加密貨幣平台的規則
https://reurl.cc/Q4320M

ZachXBT：駭客Loyalist自2022年初以來已竊取超400萬美元的加密貨幣和NFT
https://news.cnyes.com/news/id/5089000

挪威查獲1.75億遭北韓駭客竊取加密貨幣　可用於資助平壤核武計畫
https://tw.nextapple.com/international/20230217/F42B30EF3A55B925B1C838BDF763C510

挪威扣押北韓所竊加密貨幣 價值高達580萬美元
https://money.udn.com/money/story/5599/6977137?from=edn_newest_index

14萬枚比特幣砸盤動向》Mt.Gox 兩大債權人選擇「領取BTC賠償」
https://www.blocktempo.com/mt-gox-2-largest-creditors-pick-payout-option-mostly-in-bitcoin/

台灣交易所介紹｜買 USDT 最優惠的入口平台「Rybit」
https://blockcast.it/2023/02/17/introducing-taiwan-exchange-rybit/

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
殭屍網路Mirai變種V3G4鎖定物聯網裝置漏洞而來 
https://unit42.paloaltonetworks.com/mirai-variant-v3g4/

New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
https://thehackernews.com/2023/02/new-mirai-botnet-variant-v3g4.html

惡意軟體Frebniis濫用IIS伺服器功能建立後門，目標是臺灣組織
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis

逾500臺VMware ESXi主機感染勒索軟體ESXiArgs，法、德為主要災區
https://censys.io/the-evolution-of-esxiargs-ransomware/

鎖定VMware ESXi的勒索軟體近2年大幅出現
https://www.recordedfuture.com/in-before-the-lock-esxi

逾三分之一惡意軟體採用20種戰術與攻擊手法
https://www.picussecurity.com/resource/blog/the-red-report-2023-top-ten-attack-techniques

南美洲外交單位遭中國駭客鎖定，散布木馬程式ShadowPad 
https://twitter.com/MsftSecIntel/status/1625181255754039318

美國、南韓公共衛生機構遭北韓駭客鎖定，發動勒索軟體攻擊
http://www.cisa.gov/uscert/ncas/alerts/aa23-040a

研究人員揭露用於散布竊密軟體W4SP的惡意PyPI套件
https://www.fortinet.com/blog/threat-research/supply-chain-attack-via-new-malicious-python-packages-by-malware-author-core1337

美國加州奧克蘭市遭到勒索軟體攻擊，一週後宣布進入緊急狀態
https://www.oaklandca.gov/news/2023/city-of-oakland-targeted-by-ransomware-attack-core-services-not-affected

英國郵務業者Royal Mail遭勒索軟體LockBit索討6,500萬英鎊
https://www.itpro.co.uk/security/ransomware/370067/lockbit-releases-negotiation-history-royal-mail-ransom-65-million

太平洋島國東加遭到勒索軟體Medusa攻擊
https://therecord.media/tonga-is-the-latest-pacific-island-nation-hit-with-ransomware/

駭客採用新的C2中繼站框架Havoc來繞過防毒軟體偵測
https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace

美國組織遭到勒索軟體MortalKombat鎖定
https://blog.talosintelligence.com/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats/

竊密軟體Beep採用高度隱蔽的手法規避偵測
https://minerva-labs.com/blog/beepin-out-of-the-sandbox-analyzing-a-new-extremely-evasive-malware/

惡意NPM套件偽裝成網路速度測試工具，意圖利用受害電腦挖礦
https://blog.checkpoint.com/2023/02/14/check-point-cloudguard-spectral-detects-malicious-crypto-mining-packages-on-npm-the-leading-registry-for-javascript-open-source-packages/

勒索軟體BlackCat聲稱從愛爾蘭大學MTU竊得6 GB資料
https://www.bankinfosecurity.com/blackcat-leaks-data-belonging-to-irish-university-a-21192?

新惡意軟體M2RAT  北韓駭客組織攻擊南韓
https://www.technice.com.tw/cloudtech/infosecurity/37842/

又有新惡意程式利用ProxyShell漏洞散布
https://www.ithome.com.tw/news/155559

Exchange漏洞ProxyShell被用於挖礦攻擊 
https://blog.morphisec.com/proxyshellminer-campaign

ProxyShellMiner Campaign Creating Dangerous Backdoors
https://blog.morphisec.com/proxyshellminer-campaign

Open-source repository malware sows Havoc
https://www.reversinglabs.com/blog/open-source-malware-sows-havoc-on-supply-chain

NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool
https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
https://blog.talosintelligence.com/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats/
https://raw.githubusercontent.com/Cisco-Talos/IOCs/51bbac61a9f41dc2d2f7b1e96b21b651efbc6efb/2023/02/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats.txt

Beepin' Out of the Sandbox: Analyzing a New, Extremely Evasive Malware
https://minerva-labs.com/blog/beepin-out-of-the-sandbox-analyzing-a-new-extremely-evasive-malware/

Havoc Across the Cyberspace
https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace

Dalbit (m00nlight): Chinese Hacker Group APT Attack Campaign
https://asec.ahnlab.com/en/47455/

Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis

Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/

Recent TZW Campaigns Revealed As Part of GlobeImposter Malware Family
https://www.sentinelone.com/blog/recent-tzw-campaigns-revealed-as-part-of-globeimposter-malware-family/

Cyberattack on organizations and institutions of Ukraine using remote utilities (CERT-UA#5961)
https://cert.gov.ua/article/3863542

DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines
https://blogs.blackberry.com/en/2023/02/darkbit-ransomware-targets-israel

The Saaiwc Group conducts stealth activities in the name of multinational diplomacy
https://mp.weixin.qq.com/s/7KOjLgeHsgEI7KuDhFOiKA

Analysis of APT-C-56 (Transparent Tribe) camouflage resume attack campaign
https://mp.weixin.qq.com/s/xU7b3m-L2OlAi2bU7nBj0A

Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages
https://thehackernews.com/2023/02/researchers-uncover-obfuscated.html

451個惡意PyPI套件在受害電腦植入Chrome擴充套件，目的是竊取加密貨幣
http://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack

Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!
https://thehackernews.com/2023/02/python-developers-beware-clipper.html

惡意NPM套件aabquerys被駭客用於下載攻擊工具
https://www.reversinglabs.com/blog/open-source-malware-sows-havoc-on-supply-chain

Researchers Hijack Popular NPM Package with Millions of Downloads
https://thehackernews.com/2023/02/researchers-hijack-popular-npm-package.html

North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
https://thehackernews.com/2023/02/north-korean-hackers-targeting.html

U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks
https://thehackernews.com/2023/02/uk-and-us-sanction-7-russians-for.html

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
https://thehackernews.com/2023/02/new-esxiargs-ransomware-variant-emerges.html

A CISOs Practical Guide to Storage and Backup Ransomware Resiliency
https://thehackernews.com/2023/02/a-cisos-practical-guide-to-storage-and.html

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar
https://thehackernews.com/2023/02/experts-warn-of-beep-new-evasive.html

ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
https://thehackernews.com/2023/02/esxiargs-ransomware-hits-over-500-new.html

North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware
https://thehackernews.com/2023/02/north-koreas-apt37-targeting-southern.html

Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
https://thehackernews.com/2023/02/financially-motivated-threat-actor.html

Armenian Entities Hit by New Version of OxtaRAT Spying Tool
https://thehackernews.com/2023/02/armenian-entities-hit-by-new-version-of.html

Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps
https://thehackernews.com/2023/02/hackers-using-google-ads-to-spread.html

B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
https://thehackernews.com/2023/02/patch-now-apples-ios-ipados-macos-and.html

macOS Ventura、Safari 更新　修正已被黑客利用漏洞
https://www.pcmarket.com.hk/macos-ventura-safari-update-fix-webkit-vulnerabilities/

蘋果釋出iOS 16.3.1、macOS 13.2.1，修補已遭利用的漏洞 
https://www.ithome.com.tw/news/155503

Google Rolling Out Privacy Sandbox Beta on Android 13 Devices
https://thehackernews.com/2023/02/google-rolling-out-privacy-sandbox-beta.html

駭客在蘋果與Google市集上架CryptoRom應用程式，透過騙人安裝陌生App投資加密貨幣來詐財
https://news.sophos.com/en-us/2023/02/01/fraudulent-cryptorom-trading-apps-sneak-into-apple-and-google-app-stores/

C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
電力設備業者飛宏證實發生資安事故，受影響系統皆已恢復運作
https://news.cnyes.com/news/id/5084651

政府系統遭駭客持續攻擊 屋崙進緊急狀態
https://reurl.cc/a1vX69

國際記者聯盟揭發秘密承包商 曾暗中干預全球30多場大選
https://news.ltn.com.tw/news/world/breakingnews/4211984

Tor網路遭到阻斷服務攻擊長達7個月
https://blog.torproject.org/tor-network-ddos-attack/

逾60個亞太地區組織在2021年遭駭客組織SideWinder攻擊
https://www.group-ib.com/media-center/press-releases/sidewinder-apt-report/

滑雪板製造商Burton遭到網路攻擊，取消網路訂單
https://www.burton.com/announcement/system-outage.html

美國針對已出現攻擊行動的Windows和蘋果裝置漏洞提出警告，要求聯邦機構限期修補
https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-ios-bugs-exploited-as-zero-days/

北歐航空遭到網路攻擊，起因疑為不滿瑞典焚燒古蘭經的抗議遊行
https://therecord.media/scandinavian-airlines-cyberattack-anonymous-sudan/

德國又傳三個機場網站當機　疑遭駭客攻擊
https://www.taisounds.com/Global/Top-News/EUROPE/uid6591018571

援助土耳其地震的北約組織遭到鎖定！俄羅斯駭客Killnet干擾救援行動
https://www.cybersecurityintelligence.com/blog/russian-cyber-attack-disrupts-earthquake-aid-6785.html

阿拉伯駭客Al-Toufan攻擊巴林機場與新聞媒體的網站
https://www.securityweek.com/hackers-target-bahrain-airport-news-sites-to-mark-uprising/

北韓駭客組織APT37透過惡意軟體M2RAT竊取電腦及手機資料
https://asec.ahnlab.com/ko/47622/

俄羅斯駭客Nobelium發起攻擊行動MagicWeb，針對AD聯邦服務伺服器植入後門
https://www.microsoft.com/en-us/security/blog/2023/02/08/solving-one-of-nobeliums-most-novel-attacks-cyberattack-series/

中國間諜氣球幕後黑手？ 日媒：習近平下令創建的「戰略支援部隊」
https://newtalk.tw/news/view/2023-02-17/857894

以色列Technion大學遭勒索軟體DarkBit攻擊
https://www.bleepingcomputer.com/news/security/ransomware-hits-technion-university-to-protest-tech-layoffs-and-israel/

New Threat Actor WIP26 Targeting Telecom Service Providers in the Middle East
https://thehackernews.com/2023/02/new-threat-actor-wip26-targeting.html

Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems
https://thehackernews.com/2023/02/hackers-create-malicious-dota-2-game.html

Cloudflare證實客戶網站遭到大規模DDoS攻擊，駭客每秒發出7,100萬次請求
https://blog.cloudflare.com/cloudflare-mitigates-record-breaking-71-million-request-per-second-ddos-attack/

Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second
https://thehackernews.com/2023/02/massive-http-ddos-attack-hits-record.html

Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
https://thehackernews.com/2023/02/enigma-vector-and-tgtoxic-new-threats.html

資安業者Group-IB遭到中國駭客Tonto Team攻擊
https://www.group-ib.com/blog/tonto-team/

Chinese Tonto Team Hackers' Second Attempt to Target Cybersecurity Firm Group-IB Fails
https://thehackernews.com/2023/02/chinese-tonto-team-hackers-second.html

Hackers Targeting U.S. and German Firms Monitor Victims' Desktops with Screenshotter
https://thehackernews.com/2023/02/hackers-targeting-us-and-german-firms.html

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries
https://thehackernews.com/2023/02/researchers-link-sidewinder-group-to.html

Java初階工程師
https://www.104.com.tw/job/7wb8v?jobsource=m104

資安駐點工程師-ACSI
https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E9%A7%90%E9%BB%9E%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3471876486/?originalSubdomain=tw

國立陽明交通大學資訊技術服務中心 徵計畫技術員(網管資安)1名
https://infonews-fornthu.nctu.edu.tw/index.php?topflag=1&SuperType=2&SuperTypeNo=2&type=%BCx%A4%7E&id=20230200277&action=detail

【資安所】 資安管理師
https://www.104.com.tw/job/7wiyi?jobsource=googlejobs

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
簡訊詐騙占比創新高，Whoscall 提醒：注音文詐騙簡訊非偶然
https://technews.tw/2023/02/16/whoscall-5/

從華航到iRent都被「駭」 資安危機事件一演再演…… 40天四起個資外洩 中小企業資安拉警報
https://www.businesstoday.com.tw/article/category/183027/post/202302150040/

美國路易斯安那州大學HBCU於11月遭到攻擊，證實4.4萬學生個資外洩
https://therecord.media/louisiana-hbcu-says-personal-data-from-44000-students-accessed-in-november-cyberattack/

第一個GoAnywhere零時差漏洞受害組織出現！美國田納西州醫療機構CHS證實百萬病人資料外洩
https://www.databreaches.net/community-health-systems-estimates-1-million-patients-impacted-by-vendors-goanywhere-breach/

勒索軟體Clop聲稱利用GoAnywhere零時差漏洞攻陷130個組織
https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/

全球愛情詐騙氾濫，駭客很可能藉由ChatGPT建立取信受害者的資料
https://www.zawya.com/en/press-release/research-and-studies/tenable-warns-of-surge-in-romance-scams-that-abuse-the-currency-of-trust-luv5uw4z

當心愛情詐騙！FTC公布2022年有7萬人受害，損失金額高達13億美元   
https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2023/02/romance-scammers-favorite-lies-exposed

中國45億筆民眾個資流入暗網
https://www.cna.com.tw/news/acn/202302140227.aspx

百事可樂遭惡意軟體攻擊，證實資料外洩
https://www.bleepingcomputer.com/news/security/pepsi-bottling-ventures-suffers-data-breach-after-malware-attack/

美國婦產科醫院Garrison Women's Health傳出資料外洩，4千名病人就醫資料損毀
https://www.fosters.com/story/news/local/2023/02/10/garrison-womens-health-dover-nh-patient-medical-records-lost/69894288007/

暈船仔注意！Bing聊天機器人「瘋狂示愛」 紐時專欄作家嚇到失眠
https://newtalk.tw/news/view/2023-02-17/857934

短網址服務遭濫用，駭客將使用者重新導向AdSense詐欺網站  
https://blog.sucuri.net/2023/02/bogus-url-shorteners-redirect-thousands-of-hacked-sites-in-adsense-fraud-campaign.html

網域註冊服務商NameCheap遭駭，用戶收到假冒MetaMask與DHL的釣魚郵件
https://www.bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/

網路科技業者A10 Networks傳出遭勒索軟體Play攻擊，證實資料外洩
https://www.bleepingcomputer.com/news/security/a10-networks-confirms-data-breach-after-play-ransomware-attack/

華航證實電商平臺系統連線異常，逾5千筆會員資料可能外洩
https://mops.twse.com.tw/

整合機器學習模型ChatGPT的搜尋引擎Bing遭到誘騙，洩露開發機密 
https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/

美國加州多個醫療組織傳出遭勒索軟體攻擊，330萬病人個資外洩
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Reddit Suffers Security Breach Exposing Internal Documents and Source Code
https://thehackernews.com/2023/02/reddit-suffers-security-breach-exposing.html

Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected
https://thehackernews.com/2023/02/massive-adsense-fraud-campaign.html

Breaking the Security "Black Box" in DBs, Data Warehouses and Data Lakes
https://thehackernews.com/2023/02/breaking-security-black-box-in-dbs-data.html

E.研究報告/工具
ChatGPT 評：比密碼、密鑰都還要安全！硬體密鑰為何受到科技巨頭青睞
https://buzzorange.com/techorange/2023/02/15/hardware-authentication/

蠕蟲惡意程式 Win32.Parite 深度分析與掃描程式
https://teamt5.org/tw/posts/how-to-detect-and-recover-from-virus-win32-parite/

IT業者Atlassian傳出資料外洩，起因是第三方供應商遭駭
https://cyberscoop.com/atlassian-hack-employee-data-seigedsec/

有人以資安業者Emsisoft的名義製作假憑證，鎖定該公司客戶下手
https://www.emsisoft.com/en/blog/43619/alert-threat-actors-are-using-fake-emsisoft-code-signing-certificates-to-disguise-their-attacks/

開發安全受到重視，主打記憶體安全為特色的程式語言Rust，套件採用增加6成
https://jfrog.com/artifact-state-of-union/

為防範洩露開發機密，GitHub更新機器學習模型Copilot
https://www.ithome.com.tw/news/155530

3 Overlooked Cybersecurity Breaches
https://thehackernews.com/2023/02/3-overlooked-cybersecurity-breaches.html

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps
https://thehackernews.com/2023/02/regular-pen-testing-is-key-to-resolving.html

How ChatGPT Works: The Model Behind The Bot
https://towardsdatascience.com/how-chatgpt-works-the-models-behind-the-bot-1ce5fca96286

Here’s a question for ChatGPT: why should Big Tech control conversational search assistants
https://medium.com/enrique-dans/heres-a-question-for-chatgpt-why-should-big-tech-control-conversational-search-assistants-dcbba863178b

Your Open-Source Incident Response Platform
https://socfortress.medium.com/your-open-source-incident-response-platform-e9d839f02454

Open-source Data Tools will provide a way out of your overpriced cloud tools
https://medium.com/@wesleynitikromo/open-source-data-tools-will-provide-a-way-out-of-your-overpriced-cloud-tools-4041bc394eb4

F.商業
Check Point CloudGuard 雲端原生安全平台打造智慧風險管理引擎
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10322

思科：近九成台灣企業認為須加強保障人工智慧應用中的消費者數據隱私
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10320

資安市場規模上看488億美元 神準享紅利
https://news.cnyes.com/news/id/5087195

G.政府
資安連出包 金管會二階段防範
https://ctee.com.tw/news/finance/808089.html

簡訊實聯制個資曾經不當保留　NCC澄清：已全數刪除
https://www.peoplenews.tw/articles/3127321474

審計部指出「簡訊實聯制」個資管理不當有外洩風險，NCC澄清表示已經刪除
https://www.techbang.com/posts/104005-the-governments-anti-epidemic-personal-assets-management-and

政府防疫個資管理與外部稽核作業未盡妥善，審計部敦促改善
https://www.audit.gov.tw/p/406-1000-8556,r12.php?Lang=zh-tw

余正煌論文案惹議又和同仁爆口角 基層反彈他慘遭拔官
https://udn.com/news/story/7321/6975649

調查局一級主管調動 主秘吳富梅掌「天下第一處」
https://news.ltn.com.tw/news/society/breakingnews/4213407

93人！因應2024總統大選 調查局資安、國安及國情主管大異動
https://udn.com/news/story/7320/6975951

H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
NIST宣布採用Ascon系列演算法作為IoT裝置輕量加密標準
https://www.ithome.com.tw/news/155447

電動車充電樁通訊協定遭發現存有漏洞，可導致遠端關機、資料與電力遭竊
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10318

VicOne打造車用虛擬化資安解決方案
https://ctee.com.tw/news/tech/808847.html

防止勒索病毒攻擊關鍵基礎設施　資安平台全面確保OT資安
https://reurl.cc/9VXWQ8

抖音出現駭入車輛解鎖的挑戰影片造成仿效！引發美國竊盜頻傳並造成死傷，現代、起亞打算召回升級防盜措施
https://www.bleepingcomputer.com/news/security/hyundai-kia-patch-bug-allowing-car-thefts-with-a-usb-cable/

工控設備漏洞挖掘競賽Pwn2Own Miami 2023在2月14至16日舉行
https://www.zerodayinitiative.com/blog/2023/2/13/pwn2own-miami-2023-the-full-schedule

Korenix JetWave工控無線Wi-Fi、電信路由器存在漏洞 
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/

西門子工控設備的通報漏洞數量大幅增加，2022年較前期翻倍  
https://14520070.fs1.hubspotusercontent-na1.net/hubfs/14520070/Collateral/SynSaber_Industrial-CVE-Retrospective_2020-2021-2022.pdf

工業控制系統已知漏洞缺乏修補的比例逾2成 
https://synsaber.com/resources/industrial-cve-retrospective-2020-2021-2022/

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
https://thehackernews.com/2023/02/critical-infrastructure-at-risk-from.html

Honeypot-Factory: The Use of Deception in ICS/OT Environments
https://thehackernews.com/2023/02/honeypot-factory-use-of-deception-in.html

Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
https://thehackernews.com/2023/02/researchers-warn-of-critical-security.html

I.教育訓練
iPAS資訊安全工程師中級筆記
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas資安工程師證照考前研習
https://reurl.cc/GEbA3p

Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口
https://reurl.cc/m39MDj

CISSP資安認證的8大領域
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP考試心得
https://reurl.cc/KbY83j

CISSP考試心得 – Benson
https://reurl.cc/GbWvxd

目標導向-20天光速考過CISSP
https://reurl.cc/2Zq6zn

CISSP證照考試實戰心得 第一章：初期準備工作
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP證照考試實戰心得 第三章：終極一戰
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8

CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

深度解析 CPENT 考試心得、以及與 OSCP 的比較
https://reurl.cc/41eL8v

EC-Council CPENT v1 滲透測試認證 – 內容及心得分享
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

[備考心得]CompTIA Security+ (SY0–601) 上篇
https://reurl.cc/M053DK

[備考心得]CompTIA Security+ (SY0–601) 下篇
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書）
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

駭客與國家: 網路攻擊與地緣政治新常態
The hacker and the state: cyber attacks and the new normal of geopolitic
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

WUSON常用的基本詞彙
https://choson.lifenet.com.tw/?p=1958

6.近期資安活動及研討會
資安免疫系統強化論壇 2023/2/21
https://buzzorange.com/techorange/forum/2023-cybersecurity-immune-system/

Hugging Face : Image Classification 2023/2/21
https://www.meetup.com/tensorflow-user-group-taipei/events/290714239/

加密大逃殺？善用 Web3 去中心化錢包 2023/2/22
https://www.accupass.com/event/2301301209062089881353

兩道資安關鍵防線 遠離遠距辦公資安風險 2023/2/23
https://www.accupass.com/event/2301170725591343770258

2023 資安365年會 數位供應鏈 資安不斷鏈 2023/2/23
https://www.informationsecurity.com.tw/seminar/2023_TPinfosecurity365/register.aspx

淺談總經數據與金融市場應用 2023/2/27
https://www.meetup.com/rladies-taipei/events/290280800/

資安保險與資安鑑識創新服務論壇暨ACFD第二屆第四次會員大會 2023/3/3
https://acfd.kktix.cc/events/ci2023

DEVCORE Conference 2023 - 3/10 企業場 2023/3/10
https://devcore.kktix.cc/events/devcoreconf2023-0310

DEVCORE Conference 2023 - 3/11 駭客場  2023/3/11
https://devcore.kktix.cc/events/devcoreconf2023

掌握資安趨勢 讓大數據決策市場研討會 2023/3/16
https://www.accupass.com/event/2212200343421615169635

2022 OT 工控資安年會-活動報名 2023/3/24
https://reurl.cc/5Mq327

iPAS-「初級」資訊安全工程師-能力研習衝刺班 2023/4/15、4/22 
https://www.cisanet.org.tw/Course/Detail/3948

iPAS中級資訊安全人員訓練班 2023/5/4 ~ 2023/6/1
https://edu.tcfst.org.tw/web/tw/class/show.asp?courseidori=12C013